Blog Posts Tagged: EMV Cards

Before the EMV Standard Goes into Effect in 2015, Hackers Are Going All Out to Cash in on U.S. Legacy Mag-Stripe Plastic

For fraud and fraud-related losses, this past year could turn out to be the worst ever recorded. In his article on paymentweek.com(link to article), Kevin Xu cites the LexisNexis True Cost of Fraud study and finds that the numbers bear out that projection.

Fraud numbers up

According to the study, merchants suffered 133 successful fraudulent transactions per month this year, which is up a whopping 46 percent over last year. And, in 2014, merchants are losing a higher percentage of revenue to fraud — 0.68 percent compared to 0.51 percent in 2013. Plus, they’re paying more per dollar of fraud. In 2013, it was $2.79. That increased to $3.08 in 2014. The study attributed the increase in mobile-channel fraud to the fact that more physical-goods retailers have begun accepting mobile payments.

Mobile, online, mail and phone losses

Mobile-channel frauds cost retailers $3.34 per dollar of fraud losses. Online channel losses are $2.69 per dollar of fraud while other channels, which include mail and telephone, cost $3.29 per dollar of fraud losses.

Hackers gettin’ while the gettin’s good

Aaron Press, LexisNexis Director of ecommerce and payments, says that while EMV may cut down on fraud at the point of sale, “EMV may actually increase fraud. Because fraudulent card credentials will no longer be useful at POS, fraudsters are likely to turn to the online channel.”

And Xu writes, “It appears that 2015′s upcoming EMV upgrade has stirred up hackers into a feeding frenzy, hoping to take advantage of the U.S.’s legacy mag-stripe vulnerabilities before [they’re] gone for good.”

Press calls for tokenization to make EMV work

“If tokenization [the process of breaking a stream of text up into words, phrases, symbols] is widely adopted, it can help alleviate both POS and ecommerce payment fraud by reducing the volume of payment credentials available to fraudsters. “

Following recent data breaches at major retailers (Target and Neiman Marcus, et al.), American merchants will follow the lead of others around the world and drop magnetic stripes in favor of chips on the 1.2 billion credit and debit cards currently used in the U.S.

The new cards are called EMV. The “E” stands for Europay and the “M” and “V” stand for MasterCard and Visa, companies that first backed the idea of a chip to replace magnetic stripes. Credit card networks have set a deadline of October 2015 – less than 18 months away – for most U.S. merchants to adopt EMV payments systems. Following this deadline, any retailers and banks supporting magnetic stripe cards will be liable for fraud losses as a result.

“The U.S. is the final G-20 country to make the transition to EMV chip cards,” said Julie Conroy, retail banking research director, Aite Group. “While the transition will effectively address the rapid increasing rates of counterfeit fraud, fraudsters will focus their efforts more intensely online, as they have in all other countries that have made the switch to EMV. Merchants and issuers alike need to adjust their online defenses to combat the fraud while at the same time preserving the customer experience.”

Because they create a unique code for each transaction, EMV chip cards are much more difficult to hack or counterfeit than current striped cards. Therefore, many criminals have taken their “talent” for fraud, moved it online and become cybercriminals.

With the introduction of the EMV chip, UK credit card fraud has gone down dramatically according to Financial Fraud Action UK. However, online fraud increased 21 percent in Europe as a whole in 2012, in part due to the introduction of EMV cards.

“Card providers and online merchants need to be aware of the likely increase in online fraud associated with the adoption of EMV chip cards,” said Andreas Baumhof, chief technology officer, ThreatMetrix. “Retailers are up against a hard deadline to make the switch to EMV payments systems, but they need to be prepared for the influx of online fraud that will go hand in hand with the transition to EMV. We have seen this in every single country that introduced EMV – and it will happen here as well.”

ThreatMetrix has outlined several cybersecurity strategies to help merchants and card providers protect their businesses and customers during the transition to EMV chip cards, including:

• Frictionless context-based authentication – To protect customers from the potential increase in online fraud, merchants and card providers should implement frictionless context-based authentication. This strategy enables businesses to establish trust for each account login based on a fully-anonymized user identity, device usage, geolocation, customer behavior and other factors without compromising the user’s identity or workforce efficiency.

• Real-time trust analytics – To protect cardholders from potential online fraud or identity theft, merchants, card providers and other financial institutions should use real-time trust analytics. These offer instant analysis of device, location and behavioral context for every authentication attempt. Using a consistent set of identity authentication policies compared against global benchmarks derived from industry peers, the size and scale of the enterprise, geographic location and more, real-time trust analytics offer unprecedented identity authentication policies.

Subscribe

Share

Tags

From The Blog

New Survey of Retailers Has Security and Upgrading Point-of-Sale Payment Systems as Top Priorities Boston Retail Partners, an independent consulting firm, recently surveyed more than 500 retailers. Even a quick glance at the survey’s results suggests that top-of-mind subjects for retailers are protecting customer data from breaches, the shift in liability for those breaches from banks and credit card companies to retailers and upgrading point-of-sale systems to take advantage of EMV and NFC technologies. In his story on digitaltransactions.net, Kevin Woodward details results of the…

Real-Time Web Fraud Map

See Real-time Cybercrime Prevention.
The ThreatMetrix™ Web Fraud Map shows you cyberthreats as they happen.